Morpheus

Administrators
  • Content count: 563
  • Joined
  • Last visited
Everything posted by Morpheus

  1. So it appears it is working correctly. Did you run the .reg file, and did you modify it to reflect the path changes before running it?
  2. This below is documented in the tutorial. Have you moved the test.php to the d:\winids\inetpub\wwwroot\base folder to see if you can access that file through the browser? You should zip up the C:\Windows\System32\inetsrv folder, and attach that along with your php.ini file.
  3. Test the snort installation... Go back to the section labeled "Testing the Snort configuration and rules" and complete it. Post the output if it fails. Configuration files should be attached, and not posted in a reply.
  4. Let us know if it works and I can add that to the tutorial.
  5. Remote access is as simple as having the appropriate port opened on the master database to the outside world, and giving the remote client the appropriate permissions to connect to the master database. Keep in mind that this is NOT a secure way to connect client to master, and Winsnort.com has not tackled that in a tutorial, as it is an advanced option. My guess is: if you have made sure that the default port of 3306 is open to the outside world on the master sensor, and it has been verified, then it's most likely a user permission problem. You might want to set up a specific user account for remote access and adjust the barnyard2.conf for access.
  6. If you are running Pulled Pork you do not want to manually run the create sid-map file. Pulled Pork will run its own, more advanced utility during the process of updating the rules.
  7. For some unknown reason this happens when configuring IIS, at random installs.
  8. Yes, that could happen depending on connectivity. Also, manually delete all the files in all the temp folders.
  9. Could be a few things:
     1) No internet access
     2) Trying to connect out through a proxy
     3) The repository is down for some unknown reason
  10. Go back to the tutorial and complete the section labelled 'Testing the Snort configuration file'. Post the results.
  11. Did you try: How manually to trigger TCP, IP, UDP, and ICMP for event testing ?   What were the results?
  12. Did you try: How manually to trigger TCP, IP, UDP, and ICMP for event testing?
  13. This is your line 349 output:
      output database: log, mysql, user=base password=123456 dbname=snort host=localhost sensor_name=WinIDS-Home
      This is what line 349 should look like if the tutorial was followed:
      output database: log, mysql, user=snort password=l0gg3r dbname=snort host=winids sensor_name=WinIDS-Home
      Not sure what you have done, as it appears you have changed critical switches. Correcting these should allow a connection to the MySQL database?
  14. Attach your barnyard.conf file.
  15. Is MySQL running as a service? Can you log in to the MySQL server from the command prompt? Open a command window and type 'mysql -u snort -pl0gg3r' (less the outside quotes), and tap the Enter key. Type exactly as shown above. You should be dropped into a mysql CMD prompt. Were you able to log into the MySQL server?
  16. I'm not sure what Windows XP has to do with this problem? It appears by the screen shot that NO traffic is being detected. This could be a MULTITUDE of problems:
      1) NIC drivers, or compatibility
      2) Not specifying the correct NIC in the run line
      3) Connected to an unmanaged switch (needs to see ALL traffic)
      4) Snort not configured correctly for HOME_NET
  17. I found a few quirks but nothing major. Swap the files in the attached .zip with your existing files. winIDS.zip
  18. Are you able to ping locally (127.0.0.1)?   Unable to detect ping could be firewall, or router issues?
  19. If you are still getting these timeout errors, you may need to look at physical memory, or possibly a memory management problem?
  20. This is happening because you have a gazillion events being processed and the Windows Intrusion Detection Systems (WinIDS) security console is working overtime. Open the php.ini and change:
      Original line(s): max_execution_time = 60
      Change to: max_execution_time = xx
      Change the xx to accommodate the time required. My guess is that you are processing hundreds of thousands if not millions of events that are irrelevant. Try adjusting the preprocessors and the rules to accommodate your specific needs. If you need help doing this join the snort-users mailing list. You will find a lot of advanced users that are willing to help.
  21. Read this and give it a try and see if it clears up your problem.
  22. Read this and give it a try and see if it clears up your problem.
  23. Getting to the point where I'm unable to reboot to fix things
  24. It appears that the sys::syslog module failed to install per the tutorial. Go back and try installing it again.